How ALTR helped Q2’s Biller Direct offering become Level 1 PCI DSS certified in 30 days
More than just tokenization, ALTR’s cloud-native DSaaS (Data Security as a Service) platform flexes its muscles in the most stringent regulatory environments.
Q2 creates simple, smart, end-to-end banking and lending experiences for today’s top financial institutions. In this case study, we will focus on Q2’s Biller Direct application, which provides a centralized payment environment where users can enroll, manage their bills, and view projected spend. This application was set to be a key differentiator in the market, offering capabilities that none of Q2’s competitors could match.
The challenge Q2 faced with Biller Direct was that the application made them responsible for a windfall of new sensitive payment data (more than 250,000 new credit card numbers) that would be subject to PCI DSS. For this application to succeed, Q2 needed to become PCI-certified so they could prove to regulators and customers that all the valuable data would be safe.
With the go-live date getting closer, the team had to quickly find a solution. To ensure Biller Direct got certified in time, Q2 needed to separate Biller Direct from any additional application environments. This led to a cloud-only deployment for the application, further requiring a cloud-native PCI-certified solution.
“ALTR showed us a vision for solving our PCI compliance and operational security challenges that exceeded what we expected to find in the market. The combination of transparency in tracking access to our data, the ability to enforce policy in real-time and the blockchain storage option for protecting sensitive data was not available from anyone else we evaluated.”
Simply put, ALTR allowed Q2 to remove all sensitive data from the environment and securely store it in the cloud. As a result, Q2 was able to achieve Level 1 PCI status in record time. Here’s how:
Installed Quickly and Easily – ALTR was up and running in days, not months like other solutions on the market. Using ALTR’s smart database driver approach, ALTR integrated into a single point of the application and allowed Q2 to reuse large amounts of code, preventing a complete rewrite.
Secured the Cloud – Because Q2 was determined to remove all PCI scope from its main data centers, the organization needed a solution that could isolate and protect all its sensitive data in the cloud. Using ALTR’s patented tokenization-as-a-service solution, Q2 not only reduced the scope of sensitive data in its environment, but its data is now secure through its entire lifecycle.
Controlled Data Consumption – ALTR’s ability to record all data consumption to a tamper-resistant log gave Q2 a trusted audit trail with the added bonus of detailed insights into how the data was being consumed within the Biller Direct application. Using ALTR’s cloud-based policy engine, Q2 was able to apply this information to begin governing data consumption, resulting in complete control over who can access what data, when, where, and how much.
Within 30 days of installing ALTR, Q2 Biller Direct achieved PCI DSS Level 1 compliance, allowing the application to now be hosted entirely in the cloud. Biller Direct has been a huge success, providing Q2 with valuable insights and control over how data is consumed within their organization and setting Q2 apart in the market. In the end, Q2 made Biller Direct a next-generation, card-centric payment model, enriching the overall financial experience and turning bill pay from an expense into a revenue source.
“New threats against data protection measures are surfacing every day. ALTR provides the next generation of data security technology, rendering data virtually inaccessible to bad actors and providing the ultimate level of protection against our financial institutions’ account holders.”